[gnutls-devel] GnuTLS | GnuTLS chokes on two examples from RFC 4134 (#612)
Development of GNU's TLS library
gnutls-devel at lists.gnutls.org
Mon Nov 12 01:33:11 CET 2018
4.5 can be fixed with the following patch. According to CMS spec BER is allowed there:
```diff
diff --git a/lib/x509/pkcs7.c b/lib/x509/pkcs7.c
index 955cb5ae9cce..e6e40ead26fb 100644
--- a/lib/x509/pkcs7.c
+++ b/lib/x509/pkcs7.c
@@ -111,7 +111,7 @@ static int _decode_pkcs7_signed_data(gnutls_pkcs7_t pkcs7)
/* Try reading as octet string according to rfc5652. If that fails, attempt
* a raw read according to rfc2315 */
- result = _gnutls_x509_read_string(c2, "encapContentInfo.eContent", &pkcs7->der_signed_data, ASN1_ETYPE_OCTET_STRING, 0);
+ result = _gnutls_x509_read_string(c2, "encapContentInfo.eContent", &pkcs7->der_signed_data, ASN1_ETYPE_OCTET_STRING, 1);
if (result < 0) {
result = _gnutls_x509_read_value(c2, "encapContentInfo.eContent", &pkcs7->der_signed_data);
if (result < 0) {
```
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/612#note_116342741
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20181112/0ebf11ce/attachment.html>
More information about the Gnutls-devel
mailing list